Bug 242041

Summary: CVE-2007-2448 subversion revision property information leak
Product: [Other] Security Response Reporter: Joe Orton <jorton>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecified   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-16 09:21:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joe Orton 2007-06-01 12:52:47 UTC 
Description of problem:
http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt

Subversion versions up to and including 1.4.3 have a bug which allows,
in certain specific scenarios, data stripped from the output of 'svn
log' due to the requesting user's lack of access priveleges to be
visible via 'svn propget', 'svn proplist', and 'svn propedit'.
Comment 1 Gianluca Varisco 2007-06-10 00:28:14 UTC 
subversion 1.4.4, released the 8th of June (
http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1891 ), fixes
CVE-2007-2448 and others minor bugs.
Comment 2 Tomas Hoger 2008-01-16 09:21:07 UTC 

*** This bug has been marked as a duplicate of 243757 ***